CVE-2022-23862

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/mbadanoiu/CVE-2022-23862	Exploit Third Party Advisory
https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf	Exploit
https://ysoft.com	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:ysoft:safeq:6.0:build53:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-22 16:15

Updated : 2024-10-30 21:21

NVD link : CVE-2022-23862

Mitre link : CVE-2022-23862

CVE.ORG link : CVE-2022-23862

JSON object : View

Products Affected

ysoft

safeq

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2022-23862", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2024-10-22T16:15:05.443", "references": [{"url": "https://github.com/mbadanoiu/CVE-2022-23862", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/mbadanoiu/CVE-2022-23862/blob/main/SafeQ%20-%20CVE-2022-23862.pdf", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://ysoft.com", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the \"NT Authority\\System\" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user."}, {"lang": "es", "value": " Se descubri\u00f3 un problema de escalada de privilegios locales en Y Soft SAFEQ 6 Build 53. El servicio JMX de SafeQ que se ejecuta en el puerto 9696 es vulnerable a ataques JMX MLet. Debido a que el servicio no aplicaba la autenticaci\u00f3n y se ejecutaba bajo el usuario \"NT Authority\\System\", un atacante puede usar la vulnerabilidad para ejecutar c\u00f3digo arbitrario y ascender al usuario del sistema."}], "lastModified": "2024-10-30T21:21:09.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ysoft:safeq:6.0:build53:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECE640BB-1291-40D3-A5BF-C60DF8074BC8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}